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DETAILED ACTION 

1. This action is response to the original filing of December 6, 2005. Claims (1-25) 
are pending and have been considered below. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1 , 4-9, 1 3-1 5, and 1 8-22 are rejected under 35 U.S.C. 1 02(b) as being 
anticipated by Montague et al. (US Patent No. 5,675,782 and Montague hereinafter). 

3. As to claim 1 , Montague teaches a method for regulating access to an object 
comprising the steps of: 

for a plurality of users, allowing each user to designate (i.e., modify) the 
relationship characteristics (i.e., access permission) between that user and any 
other user [col. 6, lines 53-55]; 

identifying (i.e., specifies) one (i.e., each) of the plurality of users (i.e., 
trustee) as an owner (i.e., access rights) of the object (i.e., entity) [col. 6, lines 31-35]; 

determining if one of the plurality of users has access (i.e., user having 
appropriate permission) to the object by determining if the relationship 
characteristics on at least one path between the one of the plurality of users and 



the owner of the object is a trusted relationship (i.e., database of trustees having 
access permission) between each of the users on that path, where said path 
includes at least one other user (i.e., additional trustee capture in database with 
access permission) beside said owner (i.e., user) of the object (i.e., entity) and the 
one of the plurality of users [col. 6, lines 40-46]. 

4. As to claim 4, Montague teaches a method for regulating access to an object 
where the owner (i.e., operating system/server) of an object may designate another 
user (i.e., trustee) as acting on behalf of the owner (i.e., operating system/server) 
[col. 6, lines 31-35]. 

5. As to claim 5, Montague teaches a method for regulating access to an object 
where the relationship characteristics (i.e., access permission) include a trust 
relationship between the trusted user (i.e., trustee) and the designating user (i.e., 
operating system/server) [col. 6, lines 31-35]. 

6. As to claim 6, Montague teaches a method for regulating access to an object 
where the relationship characteristics (i.e., access permissions) include a trust 
relationship between the trusted user and the designating user (i.e., operating 
system/server), where the trust relationship limits (i.e., access rights) the tasks the 
trusted user (i.e., trustee) may perform [col. 6, lines 31-35]. 



7. As to claim 7, Montague teaches a method for regulating access to an object 
where the relationship characteristics (i.e., access permissions) include a trust 
relationship between the trusted user and the designating user, wherein the trust 
relationship limits the objects (i.e., specific entity) the trusted user may access [col. 
6, lines 41-46]. 

8. As to claim 8, Montague teaches a method for regulating access to an object 
where the trust relationship (i.e., access rights) is limited to types of objects (i.e., 
entity) [col. 6, lines 44-46]. 

9. As to claim 9, Montague teaches a method for regulating access to an object 
where the trust relationship is limited to selected of objects [col. 6, lines 44-46]. 

10. As to claim 13, Montague teaches a method for regulating access to an 
object where the relationship characteristics (i.e., access permission) include a 
trust relationship between the trusted user and the designating user and wherein 
the trust relationship specifies a maximum number of relationships (i.e., 
permission pair)on a path [par. 6, lines 56-60]. 

11. As to claim 14, Montague teaches a method for regulating access (i.e. 
permission) to an object the maximum number of relationships (i.e., permission 
pair) is one [par. 6, lines 56-60]. 



12. As to claim 15, Montague teaches a method of regulating access to an object, 
the method comprising the steps of: 

identifying an object (i.e., specific entity) or a set of objects to which access 
is to be regulated (i.e., access rights) [col. 6, lines 43-46]; 

identifying (i.e., specify) an owner (i.e., trustee) that has control of the 
object(s) [col. 6, lines 31-35]; 

identifying (i.e., define) an a relationship path (i.e., permission) which would 
otherwise be a valid path [col. 6, lines 56-60]; 

allowing (i.e., define) each relationship element to specify the maximum 
number of subsequent elements (i.e., possible trustee) in the path [col. 6, lines 56- 
60]; 

and classifying (i.e., capability to modify) that relationship path (i.e., access 
rights) as invalid if for any element in that path the number of subsequent 
elements (i.e., list of trustees) in the path (i.e., access rights) exceeds the limit (i.e. 
list) specified by that element (i.e., user) (i.e., Montague teaches a user can only 
effect trustee access rights (e.g., relationship path) that is on the list. [col. 3, lines 10- 
20] Thus the list of trustee defines a pre-determined number of trustees (i.e., 
subsequent elements)). 

13. As to claim 18, Montague teaches a method for regulating access to an 
object where the owner (i.e., operating system/server) of an object may designate 
another user (i.e., trustee) as acting on behalf of the owner (i.e., operating 
system/server) [col. 6, lines 31-35]. 



14. As to claim 19, Montague teaches a method for regulating access to an 
object where the relationship path includes a plurality of relationship 
characteristics and at least one relationship characteristic includes a trust 
relationship between the trusted user (i.e., trustee) and the designating user (i.e., 
operating system/server), where the trust relationship limits the tasks (i.e., access 
permission) the trusted user may perform [col. 6, lines 31-35]. 

1 5. As to claim 20, Montague teaches a method for regulating access to an 
object where the relationship path includes a plurality of relationship 
characteristics and at least one relationship characteristic includes a trust 
relationship between the trusted user (i.e., trustee) and the designating user (i.e., 
operating system/server), where the trust relationship limits the objects the trusted 
user may access [col. 6, lines 31-35]. 

16. As to claim 21 , Montague teaches a method for regulating access to an 
object where the trust relationship is limited to types of objects (i.e., specific entity) 
[col. 6, lines 43-46]. 

17. As to claim 22, Montague teaches a method for regulating access to an 
object where the trust relationship is limited to selected of objects [col. 6, lines 43- 
46]. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

18. Claims 1 0-1 2 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Montague in view of Nagel et al (US Patent No. 7,181,017 and Nagel hereinafter). 

18. As to claim 10-12, the system disclosed by Montague shows substantial features 
of the claimed invention (discussed in the paragraph above), it fails to disclose: 
A method for regulating access to an object where the relationship 
characteristics include a distrusted relationship between the distrusted 
user and the designating user (claim 10). 

A method for regulating access to an object where the distrusted 
relationship has an intermediary scope (claim 11). 

A method for regulating access to an object where the distrusted 
relationship has an terminal scope (claim 12). 



However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Nagel. Nagel 
discloses: 

A method for regulating access to an object where the relationship 
characteristics include a distrusted relationship between the distrusted 
user and the designating user (claim 10) (to provide a regulatory relational 
access to objects [fig. 3]). 

A method for regulating access to an object where the distrusted 
relationship has an intermediary scope (claim 1 1) (to provide a intermediary 
relationship [320, 31 0, 330, 341 , 342 fig. 3]). 

A method for regulating access to an object where the distrusted 
relationship has an terminal scope (claim 12) (to provide a terminal 
relationship [320, 340, 330 fig. 3]). 

Therefore, given the teachings of Nagel, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of intermediary and terminal 
relationships disclosed above by Nagel, for which object accessibility will be enhanced 
[fig. 3]. 



19. Claims 2, 3, 16, 17, 24, and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Montague in view of Auer et al (US Patent No. 200301 91 946 and 
Auer hereinafter). 

18. As to claim 2 and 3, the system disclosed by Montague shows substantial 
features of the claimed invention (discussed in the paragraph above), it fails to disclose: 
A method for regulating access to an object where the relationship 
characteristics include one or more conditions such that the relationship 
characteristics are valid if and only if the one or more conditions are met 
(claim 2). 

A method for regulating access to an object where the relationship 
characteristics include one or more methods of determining a condition 
such that the relationship is valid if and only if the one or more methods of 
determining a condition confirm validity of the relationships characteristic 

(claim 3). 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Auer. Auer 
discloses: 

A method for regulating access to an object where the relationship 
characteristics include one or more conditions such that the relationship 
characteristics are valid if and only if the one or more conditions are met 



(claim 2) (to provide entity relationship validation means base on pre-defined 
conditions [fig. 7]). 

A method for regulating access to an object where the relationship 
characteristics include one or more methods of determining a condition 
such that the relationship is valid if and only if the one or more methods of 
determining a condition confirm validity of the relationships characteristic 

(claim 3) (to provide entity relationship validation means base on pre-defined 
conditions [fig. 7]). 

Therefore, given the teachings of Auer, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of entity relationship validation 
disclosed above by Auer, for which relationships between entities will be enhanced 
[fig-7]. 

18. As to claim 16 and 17, the system disclosed by Montague shows substantial 
features of the claimed invention (discussed in the paragraph above), it fails to disclose: 
A method for regulating access to an object where relationship path 
includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more conditions such that the 
relationship characteristics are valid if and only if the one or more 
conditions are met (claim 16). 



A method for regulating access to an object where the relationship path 
includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more methods of determining a 
condition such that the relationship is valid if and only if the one or more 
methods of determining a condition confirm validity of the relationships 
characteristic (claim 17). 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Auer. Auer 
discloses: 

A method for regulating access to an object where relationship path 
includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more conditions such that the 
relationship characteristics are valid if and only if the one or more 
conditions are met (claim 16) (to provide entity relationship validation means 
base on pre-defined conditions [fig.7]). 

A method for regulating access to an object where the relationship path 
includes a plurality of relationship characteristics and at least one 
relationship characteristic includes one or more methods of determining a 
condition such that the relationship is valid if and only if the one or more 
methods of determining a condition confirm validity of the relationships 



characteristic (claim 17) (to provide entity relationship validation means base on 
pre-defined conditions [fig. 7]). 

Therefore, given the teachings of Auer, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of entity relationship validation 
disclosed above by Auer, for which relationships between entities will be enhanced 
[fig-7]. 

20. As to claim 24, Montague teaches a method of regulating access to an object 
or set of objects, the method comprising the steps of: 
identifying an entity [col. 6, lines 43-46]; 

defining one or more classes (i.e., types of access control) of control (col. 6, 
lines 58-60); 

Montague does expressly teach: 

and specifying for the entity a set of zero or more conditions and/or a set of zero 
or more methods of determining a condition such that the entity is designated as 
a controlling entity of a specified class if and only if the said set of conditions is 
(are) met and/or the method(s) of determining a condition confirm(s) compliance. 



However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Auer. Auer 
discloses: 

and specifying for the entity a set of zero or more conditions and/or a set of zero 
or more methods of determining a condition such that the entity is designated as 
a controlling entity of a specified class if and only if the said set of conditions is 
(are) met and/or the method(s) of determining a condition confirm(s) compliance 

(to provide entity relationship validation means base on pre-defined conditions [fig. 7]). 

Therefore, given the teachings of Auer, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of entity relationship validation 
disclosed above by Auer, for which relationships between entities will be enhanced 
[fig-7]. 

21 . As to claim 25, Montague teaches a method of regulating access to an object, 
the method comprising the steps of: 

identifying an object or a set of objects to which access is to be 
regulated [col. 6, lines 43-46]; 

identifying an entity that has control of the object(s) [col. 6, lines 31-35]; 

identifying an a relationship path which would otherwise be a valid path 
[col. 6, lines 56-60]; 



Montague does expressly teach: 

defining a distrust relationship as the designation of a distrustee as 
distrusted by a distrustor; 

specifying for each distrust relationship a set of zero or more conditions 
and/or a set of zero or more methods of determining a condition such that the 
relationship is valid if and only if the said set of conditions is (are) met and/or the 
method(s) of determining a condition confirm(s) validity; 

and classifying that relationship path as invalid if for any element in that 
path the grantee of that element is the distrustee of the distrust relationship. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Auer. Auer 
discloses: 

defining a distrust relationship as the designation of a distrustee as 
distrusted by a distrustor (to provide entity relationship definition capability [fig. 7]); 

specifying for each distrust relationship a set of zero or more conditions 
and/or a set of zero or more methods of determining a condition such that the 
relationship is valid if and only if the said set of conditions is (are) met and/or the 
method(s) of determining a condition confirm(s) validity (to provide entity 
relationship validation means base on pre-defined conditions [fig. 7]); 



and classifying that relationship path as invalid if for any element in that 
path the grantee of that element is the distrustee of the distrust relationship (to 

provide entity relationship validation means base on pre-defined conditions [fig. 7]). 

Therefore, given the teachings of Auer, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of entity relationship validation 
disclosed above by Auer, for which relationships between entities will be enhanced 
[fig-7]. 

22. Claim 23 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Montague in view of Sadjadi (US Patent No. 6,850,938). 

23. As to claim 23, Montague teaches a method of resolving a conflict regarding 
a specified access to an object, the method comprising the steps of: 

identifying a set of entities that have control of the object(s) [col. 6, lines 43- 

46]; 

defining an event of access conflict as the condition wherein one or more 
entity relationship(s) would grant the specified access to the object(s) and one or 
more entity relationship(s) would deny the specified access to the object(s) [col. 
3, lines 17-27]; 

defining one or more classes of relationships (i.e., access types) between 
the object(s) and controlling entities [col. 6, lines 56-60]; 



Montague does expressly teach: 

defining an equivalent class resolution rule for event(s) of access conflict 
wherein the controlling entity relationships for one or more relationship class to 
the 

object would grant the specified access and the controlling entity relationships 
for one or more relationship class with the same level in the class relationship 
hierarchy would deny the specified access to the object(s); 

defining a within class resolution rule for event(s) of access conflict 
wherein 

the conflict arises among multiple entities which have the same class of 
relationship to the object(s); 

and allowing or disallowing the specified access to the object(s) based on 
the entity relationship(s) based on the highest level class relationship to the 
object, the within class resolution rule, and the equivalent class resolution rule. 

defining a hierarchy for the classes of object-entity relationships that is 
used to establish precedence in the event of an access conflict; 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Montague as introduced by Sadjadi. Sadjadi 
discloses: 

defining an equivalent class resolution rule for event(s) of access conflict 
wherein the controlling entity relationships for one or more relationship class to 



the object would grant the specified access and the controlling entity 
relationships for one or more relationship class with the same level in the class 
relationship hierarchy would deny the specified access to the object(s) (to provide 
access conflict resolution [fig. 1]); 

defining a within class resolution rule for event(s) of access conflict 
wherein the conflict arises among multiple entities which have the same class of 
relationship to the object(s) (to provide access conflict resolution [fig. 1]); 

and allowing or disallowing the specified access to the object(s) based on 
the entity relationship(s) based on the highest level class relationship to the 
object, the within class resolution rule, and the equivalent class resolution rule (to 
provide access conflict resolution [fig. 2a - fig. 2c]). 

defining a hierarchy for the classes of object-entity relationships that is 
used to establish precedence in the event of an access conflict (to provide access 
conflict resolution [fig. 2a - fig. 2c]); 

Therefore, given the teachings of Sadjadi, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Montague by employing the well known features of object access conflict resolution 
disclosed above by Sadjadi, for which object accessibility will be enhanced [fig. 1]. 
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